This project is a Python-based application that uses the SAP Generative AI Hub SDK to interact with OpenAI's GPT-4o model for threat modeling and tech spec analysis. The application performs risk classification, rapid risk assessment (RRA), and security review using best practices. For a POC, sample spec of best practices are stored under best_practices directory against which review is perfomred.
The project can also run Threat Model analysis on a uploaded image. The project uses the OpenAI vision API to provide analysis based on the STRIDE methodology. https://platform.openai.com/docs/guides/vision
The project was developed to explore the opportunities how we can integrate LLM's as part of AppSec activities in SDLC
- File Upload: Upload tech spec documents in PDF format.
- Risk Classification: Classify risks based on the content of the tech spec.
- Rapid Risk Assessment (RRA): Perform rapid risk assessment using Mozilla’s RRA guide.
- Security Review: Conduct a security review and provide citations from best practices.
-
Clone the repository:
git clone https://github.com/yourusername/tech-spec-analysis.git cd tech-spec-analysis -
Create a virtual environment:
python3 -m venv venv source venv/bin/activate -
Install the required dependencies:
pip install -r requirements.txt
-
For Tech Spec Analysis Run the application:
streamlit run main.py
-
Upload a tech spec PDF: Use the file uploader in the Streamlit app to upload your tech spec document.
-
View Analysis Results: The application will display the risk classification, rapid risk assessment, and security review results.
-
For Threat modelling Analysis Run the application:
streamlit run main1.py
-
Upload a Data Flow Diagram: Use the file uploader in the Streamlit app to upload your DFD diagram.
-
View Analysis Results: The application will display the Threat Type, Scenario, Potential Impact and Component.
- Fork the repository.
- Create a new branch (
git checkout -b feature-branch). - Make your changes.
- Commit your changes (
git commit -m 'Add some feature'). - Push to the branch (
git push origin feature-branch). - Open a pull request.
This project is licensed under the MIT License.
This project was developed with assistance from Large Language Models (LLMs) GPT4o. While efforts have been made to ensure quality and accuracy, please review and validate the code according to your specific needs.